virus, pop up



tap126
2010-07-28, 23:17
Hello,

I posted this before and made a mistake, did not read first, SORRY, Guys.

This is my problem: I have some kind of pop-up virus.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/9/2007 8:13:19 PM
System Uptime: 7/28/2010 12:45:11 PM (5 hours ago)

Motherboard: Dell Inc. | | 0MY171
Processor: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz | Microprocessor | 2327/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 207.555 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP938: 6/20/2010 11:43:04 PM - System Checkpoint
RP939: 6/21/2010 12:27:36 AM - System Checkpoint
RP940: 6/22/2010 1:23:09 AM - System Checkpoint
RP941: 6/23/2010 1:58:51 AM - System Checkpoint
RP942: 6/24/2010 2:18:49 AM - System Checkpoint
RP943: 6/25/2010 3:08:11 AM - System Checkpoint
RP944: 6/26/2010 4:02:27 AM - System Checkpoint
RP945: 6/27/2010 4:09:47 AM - System Checkpoint
RP946: 6/28/2010 4:34:27 AM - System Checkpoint
RP947: 6/28/2010 11:44:55 AM - Advanced Registry Optimizer 2010 - Before Installation
RP948: 6/28/2010 11:45:23 AM - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
RP949: 6/28/2010 11:57:48 AM - Removed Ask Toolbar.
RP950: 6/28/2010 11:59:29 AM - Removed Dealio Toolbar v4.0.2.
RP951: 6/29/2010 12:30:48 PM - Norton 360 Registry Clean
RP952: 6/30/2010 1:42:01 PM - System Checkpoint
RP953: 7/1/2010 2:01:58 PM - System Checkpoint
RP954: 7/2/2010 2:38:17 PM - System Checkpoint
RP955: 7/3/2010 2:56:55 PM - System Checkpoint
RP956: 7/4/2010 4:36:19 PM - System Checkpoint
RP957: 7/5/2010 6:40:44 PM - System Checkpoint
RP958: 7/6/2010 7:29:38 PM - System Checkpoint
RP959: 7/7/2010 8:00:52 PM - System Checkpoint
RP960: 7/8/2010 11:18:29 PM - System Checkpoint
RP961: 7/9/2010 12:29:33 AM - Installed Windows Internet Explorer 8.
RP962: 7/9/2010 12:30:21 AM - Software Distribution Service 3.0
RP963: 7/9/2010 1:23:52 AM - Installed Windows Internet Explorer 8.
RP964: 7/9/2010 10:12:28 AM - Removed Microsoft IntelliPoint 7.1
RP965: 7/9/2010 10:34:48 AM - Norton 360 Registry Clean
RP966: 7/10/2010 10:44:02 AM - System Checkpoint
RP967: 7/11/2010 12:35:54 PM - System Checkpoint
RP968: 7/12/2010 2:18:36 PM - System Checkpoint
RP969: 7/13/2010 5:59:02 PM - System Checkpoint
RP970: 7/14/2010 1:24:54 AM - Norton 360 Registry Clean
RP971: 7/14/2010 5:46:52 PM - Software Distribution Service 3.0
RP972: 7/15/2010 8:00:01 PM - Removed WeatherBug
RP973: 7/16/2010 8:00:17 PM - System Checkpoint
RP974: 7/17/2010 9:00:18 PM - System Checkpoint
RP975: 7/18/2010 10:56:12 PM - System Checkpoint
RP976: 7/19/2010 3:22:13 PM - Norton 360 Registry Clean
RP977: 7/20/2010 3:58:11 PM - System Checkpoint
RP978: 7/21/2010 4:51:22 PM - System Checkpoint
RP979: 7/22/2010 5:02:05 PM - System Checkpoint
RP980: 7/23/2010 5:03:16 PM - System Checkpoint
RP981: 7/24/2010 7:01:01 PM - System Checkpoint
RP982: 7/26/2010 12:30:11 AM - Removed Microsoft Silverlight
RP983: 7/26/2010 6:08:11 PM - Software Distribution Service 3.0
RP984: 7/26/2010 6:29:07 PM - Installed Windows Defender
RP985: 7/26/2010 6:32:10 PM - Software Distribution Service 3.0
RP986: 7/26/2010 9:58:31 PM - Installed Windows Internet Explorer 8.
RP987: 7/26/2010 11:03:51 PM - Installed %1 %2.
RP988: 7/26/2010 11:47:59 PM - Removed Dealio Toolbar v4.0.2.
RP989: 7/26/2010 11:50:05 PM - Removed ooVoo
RP990: 7/27/2010 12:14:53 AM - Installed Windows Internet Explorer 8.
RP991: 7/27/2010 12:55:19 AM - Removed Microsoft Silverlight
RP992: 7/28/2010 1:39:30 AM - Software Distribution Service 3.0
RP993: 7/28/2010 11:20:31 AM - Software Distribution Service 3.0
RP994: 7/28/2010 11:43:21 AM - Software Distribution Service 3.0
RP995: 7/28/2010 12:14:52 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
APA PERRLA
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Advanced Control Suite
CA Yahoo! Anti-Spy (remove only)
Channel Master
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 924
Dell SAS RAID Storage Manager v1.16-00
Download Updater (AOL LLC)
Flash Movie Player 1.4
FLV Player 2.0 (build 25)
GearDrvs
getPlus(R)_ocx
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
iTunes
Java(TM) 6 Update 3
Loader
Loki ActiveX Control
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MobileMe Control Panel
Move Media Player
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OTOY
Picasa 2
PowerDVD 5.7
PVRLoader
QuickTime
Rhapsody Player Engine
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Update Manager
Spybot - Search & Destroy
StarOffice 8
StarOffice 8 Product Update 9
Symantec Technical Support Web Controls
The Weather Channel Toolbar
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Weather Services
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

7/28/2010 11:57:50 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
7/27/2010 1:07:54 AM, error: SYMMPI [9] - The device, \Device\Scsi\SYMMPI1, did not respond within the timeout period.
7/27/2010 1:07:54 AM, error: SYMMPI [11] - The driver detected a controller error on \Device\Scsi\SYMMPI1.
7/26/2010 9:23:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/26/2010 9:23:55 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2010 4:26:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/26/2010 12:54:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/26/2010 12:37:41 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.
7/25/2010 12:12:35 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KIM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B3FADD1-2BE4-431D-A8. The master browser is stopping or an election is being forced.
7/25/2010 11:08:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/23/2010 4:10:07 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ERICA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B3FADD1-2BE4-431D-. The master browser is stopping or an election is being forced.

==== End Of File ===========================




DDS (Ver_10-03-17.01) - NTFSx86
Run by pat at 16:59:31.93 on Wed 07/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.840 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\pat\Desktop\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\JPUS3W72\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: LocationFinder Class: {bc0e8ad7-13aa-4694-8edd-0246bc47a35f} - c:\program files\skyhook wireless\loki activex component\versions\3.4.2.20\loki.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &Search - ?p=ZJxdm128NTUS
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {670821E0-76D1-11D4-9F60-009027A966BF} - hxxp://racing.youbet.com/wr_6_2/controls/ybrequest.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173892378687
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - hxxps://secure.sunterra.com/US/downloads/svideo3.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-14 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-1-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-1-27 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100726.001\IDSXpx86.sys [2010-7-28 331640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-27 117640]
R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\pat\desktop\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-4 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100728.002\NAVENG.SYS [2010-7-28 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100728.002\NAVEX15.SYS [2010-7-28 1362608]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\fix-it\mailscan.sys --> c:\progra~1\avanqu~1\fix-it\MailScan.sys [?]

=============== Created Last 30 ================

2010-07-28 15:52:18 0 d-----w- c:\docume~1\pat\applic~1\Safer Networking
2010-07-28 15:38:20 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-07-28 06:06:45 0 d-----w- c:\windows\system32\XPSViewer
2010-07-28 06:00:33 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-28 06:00:33 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-28 06:00:32 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-28 06:00:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-28 06:00:31 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-28 06:00:31 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-28 06:00:31 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-28 06:00:29 0 d-----w- C:\1139a1808caf8e9ed82d
2010-07-28 05:53:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 20:28:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-27 18:20:50 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-27 15:01:11 0 d-----w- c:\docume~1\pat\applic~1\Uniblue
2010-07-27 04:12:05 0 dc-h--w- c:\windows\ie8
2010-07-27 03:49:22 0 d-----w- c:\docume~1\pat\applic~1\oovootb
2010-07-27 03:05:18 0 d-----w- c:\docume~1\pat\applic~1\ElevatedDiagnostics
2010-07-26 22:32:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-26 21:57:48 0 d-----w- c:\program files\Microsoft
2010-07-20 05:24:51 0 d-----w- c:\program files\iPod
2010-07-20 05:24:19 0 d-----w- c:\program files\iTunes
2010-07-14 20:52:45 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 14:04:12 0 d-----w- c:\program files\AIM Toolbar
2010-07-09 14:04:12 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2010-07-09 14:04:06 0 d-----w- c:\program files\common files\Software Update Utility
2010-07-09 06:10:38 0 d-----w- c:\program files\The Weather Channel FW

==================== Find3M ====================

2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-27 22:26:37 29236 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2008-09-17 23:12:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 17:00:09.82 ===============

Dakeyras
2010-08-03, 15:20
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi tap126 and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Ad-Aware
Ad-Aware SE Personal
Adobe Reader 8.2.3
CA Yahoo! Anti-Spy (remove only)
Java(TM) 6 Update 3
Spybot - Search & Destroy
URL Assistant
Viewpoint Media Player

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

If you encounter any problems uninstalling anything, merely move on to the next in the above list and inform me in your next reply.

Next:

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with RSIT:

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within the folder rsit at the root of your installed hard drive, e.g. C:\rsit

When you have completed the above, please post back the following in the order asked for:
How is your computer performing now, any further symptoms and or problems encountered?
Malwarebytes' Anti-Malware Log.
Both RSIT logs. <-- Post them individually please, i.e. one log per post/reply.
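As an added check for the Add/Remove Programs step above (an example script written for this page, not part of the thread and not provided by Dakeyras or Safer Networking): the script below reads the registry keys that Add/Remove Programs is built from and reports which of the eight listed programs are still registered, together with the uninstall command Windows would run for each. It only reads the registry and changes nothing, so it does not count as a "self fix". It assumes PowerShell 2.0 or later (the thread's machine lists PowerShell 1.0, which lacks the -Property parameter used here) and that it is run from the account that installed the programs, so per-user entries under HKCU are visible.

```powershell
# Added example, not from the thread: verify that the programs Dakeyras asked
# to be uninstalled no longer appear in Add/Remove Programs. Read-only.

# Names to check, copied from the list in the reply above.
$targets = @(
    'Ad-Aware',
    'Ad-Aware SE Personal',
    'Adobe Reader 8.2.3',
    'CA Yahoo! Anti-Spy (remove only)',
    'Java(TM) 6 Update 3',
    'Spybot - Search & Destroy',
    'URL Assistant',
    'Viewpoint Media Player'
)

# Add/Remove Programs is populated from these keys. The Wow6432Node key only
# exists on 64-bit Windows; the XP machine in this thread is 32-bit, so
# Test-Path simply drops it there.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

# Collect every entry that has a DisplayName (entries without one are hidden
# from the Add/Remove Programs list, which is why some leftovers go unnoticed).
$installed = $uninstallKeys |
    ForEach-Object { Get-ChildItem $_ -ErrorAction SilentlyContinue } |
    ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.DisplayName) {
            New-Object PSObject -Property @{
                DisplayName     = $p.DisplayName
                UninstallString = $p.UninstallString
                RegistryKey     = $_.PSPath
            }
        }
    }

# Report each target as removed or still present. -eq on strings in PowerShell
# is case-insensitive, which matches how the names appear in the thread.
foreach ($name in $targets) {
    $hits = @($installed | Where-Object { $_.DisplayName -eq $name })
    if ($hits.Count -gt 0) {
        foreach ($h in $hits) {
            Write-Output ('STILL PRESENT: {0}' -f $h.DisplayName)
            Write-Output ('    key:       {0}' -f $h.RegistryKey)
            Write-Output ('    uninstall: {0}' -f $h.UninstallString)
        }
    } else {
        Write-Output ('removed:       {0}' -f $name)
    }
}
```

Anything reported as STILL PRESENT is exactly what the helper asked to hear about in the next reply; the uninstall string it prints is the same command Add/Remove Programs runs, so it also shows when an entry is an orphan pointing at a file that no longer exists.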

Dakeyras
2010-08-07, 21:05
Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.